Tuesday, July 23, 2013

Early this morning, Cisco (Nasdaq: CSCO)announced its intention to acquire Sourcefire (Nasdaq: FIRE) for $2.7 billion. Cisco will pay $76 a share, which equates to a 29% premium to yesterday's close at $59.08. From Sourcefire's point of view, this is not too shabby given their 2012 revenue of $223.1 million, an increase of 35% from the prior year.

On paper, this is a perfect match. In fact, I discussed potential Sourcefire acquirers with Gartner analyst, Greg Young, during last month's Gartner Security & Risk Management Summit in DC. We agreed that, realistically, Cisco was the only vendor that could acquire Sourcefire, as Juniper is rumored to be looking to exit the threat-protection space and Dell had already acquired SonicWALL.

From Sourcefire's point of view, they are the dominant player in a gradually declining IPS (intrusion prevention system) market. All signs point to enterprises transitioning from stand-alone firewalls and IPS appliances to consolidated NGFW (next-generation firewall) solutions. Although Sourcefire is slowly increasing its firewall capabilities, it's many years behind competing firewalls from Check Point, Palo Alto Networks, and Cisco. Plus, even if Sourcefire closed the firewall gap in a year or two, the company is just not perceived as a trusted firewall brand. In my view, Cisco is the life boat Sourcefire would need anyway in the next year or two. And it's much better to hop on the life boat now before their ship actually starts stinking.

From Cisco's point of view, there are two vendors that are dominating the firewall conversation today--Check Point and Palo Alto Networks. That's because each vendor has launched best-of-breed NGFW solutions featuring top-tier firewall capabilities, strong IPS detection, and robust application control, along with other features, such as URL filtering and advanced malware detection. Although Cisco offers a solid ASA firewall, its IPS component leaves much to be desired. If the company can integrate Sourcefire's best-in-class IPS and strong application control capabilities with Cisco ASA firewall software, then Cisco will be in a much better position to compete for NGFW dollars.

Although I strongly believe this is a perfect match for both companies, there are a few obstacles that both must contend with:

1. Cisco should not screw with Sourcefire's open source model. Snort is still the de-facto standard for IPS. Removing Snort from open source will result in a ton of bad press and many unhappy Snort and Sourcefire users.

2. Sourcefire's IPS and NGFW software is closely integrated with purpose-built network acceleration hardware from Netronome (assembled within Intel appliances). A proper NGFW uses a single-pass architecture for inspecting traffic by its firewall, IPS, and app control engines. I have no idea how long it will take to port Sourcefire software to Cisco hardware or Cisco software to Sourcefire hardware. Or, for that matter, how long it will take to create a unified management interface. But it's not going to be easy and it's not going to happen overnight.

3. Like most acquisitions of this kind (such as IBM's acquisition of ISS, HP's acquisition of TippingPoint, and Intel's acquisition of McAfee), the talent that caused the success of the acquired company will soon be marching out the door looking for the next big thing. Sourcefire is widely viewed as an innovative network security provider. Whether Cisco can carry that torch definitely remains to be seen. I think the best thing Cisco can do is offer Sourcefire's founder and CTO (and Snort creator), Marty Roesch (pictured above), an insane amount of money and an impressive title (Chief Security Strategist would do) to keep him around as long as possible.

If Cisco plays its cards right, its little orange dot on the Gartner Firewall Magic Quadrant may one day move from the Challengers box on the top left to the Leaders box on the top right, joining Check Point and Palo Alto Networks. But it's not going to happen overnight and it's certainly not going to be easy. But I wish Cisco and my former Sourcefire colleagues all the best.

Follow by Email

Blog Archive

About Us

CyberEdge Group is a premier research and marketing consulting firm serving the needs of high-tech vendors and service providers. Headquartered in historic Annapolis, Maryland, CyberEdge is a "virtual" consulting company comprised of more than two-dozen highly experienced career consultants spanning a variety of disciplines and industries.